Almost half of the 80 per cent of Australian organisations targeted by ransomware paid cyber criminals, according to new Sophos research.
Global cyber security company Sophos has released its State of Ransomware 2022 report — which involves a survey of 5,600 mid-sized organisations in 31 countries — revealing 80 per cent of Australian organisations were hit with ransomware attacks over the course of 2021, up from 45 per cent in 2020.
Of those targeted, 43 per cent paid cyber criminals between US$100,000 and US$499,999.
“Alongside the escalating payments, the survey shows that the proportion of victims paying up also continues to increase, even when they may have other options available,” Chester Wisniewski, principal research scientist at Sophos, said.
“There could be several reasons for this, including incomplete backups or the desire to prevent stolen data from appearing on a public leak site.
“In the aftermath of a ransomware attack there is often intense pressure to get back up and running as soon as possible. Restoring encrypted data using backups can be a difficult and time-consuming process, so it can be tempting to think that paying a ransom for a decryption key is a faster option.”
Other findings include:
“The findings suggest we may have reached a peak in the evolutionary journey of ransomware, where attackers’ greed for ever higher ransom payments is colliding head on with a hardening of the cyber insurance market as insurers increasingly seek to reduce their ransomware risk and exposure,” Wisniewski added.
“In recent years, it has become increasingly easy for cyber criminals to deploy ransomware, with almost everything available as-a-service.”
Sophos has offered a number of recommendations for organisations to reduce vulnerabilities to ransomware attacks, which include: